General

  • Target: plan-515372324.xlsb
  • Size: 155KB
  • Sample: 210629-ya5cdesfp2
  • MD5: 08e52afbefa423fb9f1ea0af88a4880e
  • SHA1: 2d688dfee28f75553bc1d3633f891d2e70e0408b
  • SHA256: aaa32ff3e41c61fe828f0850e702f5ed7ffd6177c4bf80ed15324525537f44cd
  • SHA512: 7a5400ec826ecaa0fa6a8beb9022bd9e918f11cf97e57d747477720889f7203af983620e2f7b543fb1ff5cc5a9eff13447d6353506c862dfe2ebd23b7a63dee8

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
      https://khangland.pro/v8gEDeSB/sun.html
      https://jaipurbynite.com/stLdQs9R53/sun.htm

Targets

    • Target: plan-515372324.xlsb (size and hashes as listed under General)
    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation